
download ACL which services are supported ?

jjpeyrache
Level 1

Hi,

With 6.2 we can download ACL per services (Telnet/HTTP/FTP) to authorize users to work on, but what about other services like HTTPS or SSH and special TCP ports application, are they supported also? Or is it restricted to Telnet/HTTP/FTP?

Thanks in advance for any hints on that.

JYP

4 Replies

sghosh
Level 1

Hi JYP,

If you mean downloadable ACL in PIX 6.2 as per this link, there is no restriction on which ports you can block and allow.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/mngacl.htm#1030990

Thanks

Sujit

Hi Sujit

Thanks for your response. The customer claimed that it doesn't work with the HTTPS protocol?

JYP

It is true that if you use the manual CLI to define authorizations you cannot do HTTPS. You can only do HTTP, FTP, and Telnet. However, the per-user ACL download places the ACL on the interface you are authorizing on. This creates a temporary ACL on the input of that interface for that user/IP address, which allows you to define anything you would normally define in an interface ACL.

-S

Thanks for your response. Do you have any configuration examples available for this per-user ACL?

JYP
